2009/11/12 Ian Fette (イアンフェッティ) <ifette@google.com>:
> This is really getting into fantasy-land... Writing a file and hoping that
> the user actually opens up explorer/finder/whatever and browses to some
> folder deep within the profile directory, and then double clicks something?
> Telling a user "click here and run blah to get a pony" is so much easier.

So first off, that only addresses one of the two attacks I listed.

But even that case I don't think is that fantasy-y. The whole point of
writing actual files is so that users can interact with the files,
right? In doing so they'll be just a double-click away from running
arbitrary malicious code. No warning dialogs or anything. Instead the
attacker has a range of social engineering opportunities using file
icon and name so as to make double-clicking the file inviting.

Like I said, I think this might be possible to work around in the
implementation by making sure to neuter all executable files before
they go to disk.

/ Jonas